ModSecurity is an open-source Web Application Firewall (WAF) for Apache Nginx and IIS web server. This application layer firewall is developed by Trustwave's SpiderLabs and released under Apache License 2.0. ModSecurity protects websites from hackers by using a set of regular expression rules to filter out commonly known exploits, it allows HTTP traffic monitoring, logging, real-time analysis, and attack detection. There are more than 16.000 rule available to detect attacks like SQL Injection, Cross-site Scripting (XSS), Local File Inclusion, Remote File Inclusion and application-specific rules for many web applications like Wordpress, Joomla, Drupal etc.

In this tutorial, I will show you how to install mod_security for the fast Nginx web server. I will configure ModSecurity as a standalone module and then build Nginx from source to include ModSecurity.

Prerequisites

An Ubuntu 15.04 server, I will use the IP here 192.168.1.106.

Root Privileges

What we will do in this tutorial:

Update the Ubuntu 15.04 System and Repository.

Install required Dependencies to build Nginx and ModSecurity.

Download ModSecurity and Nginx.

Install ModSecurity and Nginx.

Configure Nginx.

Configure ModSecurity.

Configure OWASP Core Rule Set(CRS).

Testing.

All commands below have to be executed as root. Run:

sudo -i

to become root user on your server.

1. Update System and Repository

Before you start to install all dependencies, please update your system:

apt-get updateapt-get upgrade

2. Install the build dependencies

Install all packages that are required to compile Nginx and ModSecurity with apt command below:

Conclusion

ModSecurity is an open source WAF (Web Application Firewall) developed by Trustwave's SpiderLabs to secure your web applications. There are more than 16.000 rules available to detect attacks like SQL Injection, XSS, LFI, RFI etc. ModSecurity is easy to install and available as module for Apache, Nginx and IIS for windows.